<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameTokenOverHTTP">
   <wsp:ExactlyOne>
      <wsp:All>
         <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
               <sp:TransportToken>
                  <wsp:Policy>
                     <sp:HttpsToken RequireClientCertificate="false"/>
                  </wsp:Policy>
               </sp:TransportToken>
               <sp:AlgorithmSuite>
                  <wsp:Policy>
                     <sp:Basic256/>
                  </wsp:Policy>
               </sp:AlgorithmSuite>
               <sp:Layout>
                  <wsp:Policy>
                     <sp:Lax/>
                  </wsp:Policy>
               </sp:Layout>
               <sp:IncludeTimestamp/>
            </wsp:Policy>
         </sp:TransportBinding>
         <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
               <sp:UsernameTokenp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
            </wsp:Policy>
         </sp:SignedSupportingTokens>
         <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
	    <ramp:user>user</ramp:user>
            <ramp:passwordCallbackClass>clientpolicy.pwcb</ramp:passwordCallbackClass>
	</ramp:RampartConfig>
      </wsp:All>
   </wsp:ExactlyOne>
</wsp:Policy>